/**
 * sessionAuth
 *
 * @module      :: Policy
 * @description :: Simple policy to allow any authenticated user
 *                 Assumes that your login action in one of your controllers sets `req.session.authenticated = true;`
 * @docs        :: http://sailsjs.org/#!/documentation/concepts/Policies
 *
 */
module.exports = function(req, res, next) {

	// User is allowed, proceed to the next policy, 
	// or if this is the last policy, the controlle

	if (req.session.user != null) {
		return next();
	}

	var reqPath = req.path;
	if (reqPath.startWith(sails.config.application.appPrefix)) {
		return res.view('mobile/index', {
			'login' : false,
			'AuthURL' : WechatService.getAuthorizeURL()
		});
	} else {
		return res.redirect(sails.config.application.adminPath + '/login');
	}

	// User is not allowed
	// (default res.forbidden() behavior can be overridden in `config/403.js`)
	// return res.forbidden('You are not permitted to perform this action.');
};
